The Treasury may be losing as much as $5 billion a year from fraudulent tax refund claims—and most of that fraud is entirely preventable.

The New York Times reported yesterday about the rampant use of identity theft to exploit weaknesses in the IRS’s tax refund processes, sometimes resulting in thousands of fraudulent refunds.

The most common form of fraud simply requires criminals to obtain a valid name and social security number, preferably from someone who won’t be filing a tax return. Then the criminal makes up wage and withholding information, files a tax return electronically (avoiding the need for an actual W-2 form), claims a few deductions and tax credits to produce a larger refund, and waits a couple of weeks for the refund.

Typically, the refunds are deposited electronically—often multiple refunds to the same account. In one especially egregious example, J. Russell George, the Treasury Inspector General for Tax Administration (TIGTA), testified about 4,157 “potentially fraudulent tax refunds … totaling $6.7 million … deposited into one of 10 bank accounts. Each … account had direct deposits of more than 300 refunds.”

The criminals also use debit cards to claim fraudulent refunds. The New York Times reported that swindlers in Florida use addresses for vacant houses (in ample supply), sometimes “even buying mailboxes for them, and collect the refunds there.”

The IRS has taken steps to stem the fraud. For example, it tries not to send refunds to dead people. All told, the IRS claims that it was able to stop $1.3 billion in potentially fraudulent returns through April 19, 2012.

But with massive budget cuts ($300 million this year) and pressure from Congress to process tax refunds quickly, the IRS is fighting a losing battle. Mr. Russell, the Treasury Inspector General, identified 1.5 million additional potentially fraudulent refunds totaling in excess of $5.2 billion that slipped through the cracks.

With appropriate resources and legislative authority, the IRS could prevent most of these refunds. For the past four years, it has sought authority to use the National Directory of New Hires, a database of wage and employment information maintained by the Department of Health and Human Services, to verify that information on tax returns actually corresponds to a real job. This would limit the ability of fraudsters to make up W-2’s, but so far, Congress has not granted the IRS the authority to use that information.

The ideal solution would be for the IRS to be able to match W-2 information with tax returns before processing a refund, but W-2’s are not due until the end of March (if filed electronically, February otherwise) and they go to the Social Security Administration (SSA) rather than IRS, which further delays availability of information to the IRS. If W-2’s were required to be transmitted to the SSA at the same time they were sent to workers and if SSA and IRS computers could talk to each other in real time, most of the refund fraud would be impossible. Obviously, this would put an additional burden on employers and some costly upgrades at SSA and IRS, so using the National Directory should be tried first.

Mr. George also said back in 2008 that “the IRS was not in compliance with direct deposit regulations that require tax refunds to be deposited into an account only in the name of the individual listed on the tax return.” The IRS has resisted that, presumably because of cost, but it seems an unfathomable oversight. George also recommended that the IRS limit the number of deposits into the same account and that the Treasury require financial institutions to verify the identity of debit card purchasers.